#!/bin/bash
###
 # @Author: January
 # @Date: 2021-11-22 09:56:19
### 

set -o errexit

# prime256v1 in openss is secp256r1
name=$1
if [ "$name" == "-h" ] || [ -z "$name" ];then
    echo "generate_cert <name>"
    exit 0
fi
# 生成私钥
openssl ecparam -name prime256v1 -genkey -out ${name}.key
echo "${name}.key generated"
# 生成证书签名请求
openssl req -new -sha256 -out ${name}.csr -key ${name}.key
echo "${name}.csr generated"
# 如果是ca证书则进行自签名
if [ "$name" == "ca" ]; then
    # 自签名(使用自己的私钥签名自己的公钥证书，ca使用)
    openssl x509 -req -days 365 -in ${name} -signkey ${name}.key -out ${name}.crt
    echo "${name}.crt generated"
fi

